We have already talked repeatedly about the methods scammers use to gain access to crypto users' private keys and funds. The most popular among them are attacks on exchanges, crypto wallet hacking and cryptojacking. But the world does not stand still. Criminals are now mastering video calls, pretending to be Justin Sun and other representatives of the crypto industry, generating fraudulent QR codes, advertising malicious extensions that steal seed phrases, promising to protect victims from the coronavirus, or threatening to infect them unless they transfer bitcoins. In this article, we look at new types of fraud on the crypto market.
Scammers impersonate other people on live video
Scammers often impersonate someone else, and the crypto world is no exception. For example, in January an attacker tried to impersonate a journalist for CoinDesk, an iconic cryptocurrency publication, in a messenger. The criminal offered a PR woman to "publish" a positive article about her project for only $600. The deception failed. But the publication found two victims who believed the scammers and paid them. How many such victims there really are is unknown.
But text correspondence is yesterday's news. Fraudsters are starting to master video calls, using pre-prepared videos featuring a crypto celebrity or making videos of fake people with deepfake technology. In the first case, they watch many videos of a famous person (speeches, live broadcasts and presentations) and cut out the most universal fragments. In the second, a fake but realistic video is made in which a person does something that never actually happened. Using machine learning, other faces are superimposed on the people in the video, and they look so natural that they are almost indistinguishable from real ones. Scammers can even combine the two.
This spring, attackers tried to get $32,000 from Kyle Pierce, co-founder and lead developer of the blockchain startup uPlexa, by posing as the infamous crypto entrepreneur Justin Sun, founder of the TRON Foundation. Pierce talked about this in his blog on May 24.
On April 25, Pierce was contacted by a man who identified himself as William Chang, listed on LinkedIn as the chief operations and business development officer at Ledger Capital. The company's profile, by the way, does list a website. Chang said he was looking for projects to invest in and invited Pierce to a Skype call.
William Chang's LinkedIn page. Source.
The entrepreneur often receives investment offers for the uPlexa network, but they usually boil down to an offer to buy the project's coins at a discounted price. This time it was about direct investment. Pierce found this suspicious but decided to see how things would turn out. For several weeks the two could not align their schedules, after which they finally spoke.
Fragments of Pierce's correspondence with Chang. Source.
During the call, Chang revealed that his company was working with the TRON Foundation on a secret new project that provides incentives for partnering with other crypto projects doing “unique things” within the blockchain industry.
During the conversation, sound and image were constantly out of sync. This could be attributed to a poor connection, but Chang often spoke without opening his mouth. After the strange call, Pierce received an email that looked like it had been sent from the official TRON Foundation domain.
Letter to Pierce from the fake TRON Foundation. Source.
In reality, however, the scammers used an IP address of the provider Online Data Services, which is often used by cybercriminals to spoof email addresses. The letter suggested a call with Justin Sun himself.
When Pierce checked the email's SPF (an extension to the email sending protocol that allows the sending domain to be verified) and its DKIM (a digital signature that authenticates the sender and guarantees the integrity of the email), the message turned out to be from Online Data Services. Source.
During a video call, the fake Sun offered Pierce a listing on several exchanges and the opportunity to move his project to the TRON blockchain. All the fake Justin wanted in return was a minimum investment of $32,000. And that was with a 40% discount, since the usual fee is $80,000. Right on the call, Sun asked Pierce to sign a contract to seal the deal. The entrepreneur refused.
The video call with the fake Sun turned out to be just a pre-recorded video. To test his interlocutor, Pierce asked whether he would have access to the funds within seven months, since he needed heart surgery. Fake Sun replied that "the coins are not locked and you have access to them. All this will be written into the contract," adding, "I am very sorry to hear about this. I wish the operation process went smoothly for you."
Pierce wasn't the only one the crooks tried to trick with the help of the fake Sun. On May 23, the team of the crypto project Mochimo told their story. The company was contacted by a woman named Shelley Wu, who introduced herself as the chief marketing officer of TRON. According to the Mochimo team, her letters looked convincing, so they agreed to continue the conversation. Soon after, they received an email, apparently from Sun, offering them a "private partnership program." The email contained a link to a site that looked like a TRON product but was not hosted on the branded domain and had been registered anonymously just days before. Once convinced that this was a scam, Mochimo decided to see how far the attackers would go. During the correspondence, the scammers unexpectedly sent a clearly forged copy of Sun's passport.
Fake Sun's passport and the original photograph used by the scammers. Source.
After that, "Sun" had a call with Mochimo founder Matt Zweil. The scammers used slowed-down video clips of Justin with their own voice overlaid. "Sun" again appeared to be lip-syncing, and the video paused whenever Zweil spoke. Whether the same swindlers tried to deceive both Pierce and Zweil or they were different criminals is unknown.
If you think that fraud with fake videos of famous people threatens only large crypto entrepreneurs, you are wrong. False endorsements of scam projects by well-known people are not uncommon in the crypto world. For example, in Australia the image of the former head of the NSW bank Mike Byrd was used to advertise a bitcoin scam.
More recently, scammers have gone further and begun to promote scams in fake interviews and commercials. In April, the image of the British presenter Rylan Clark-Neil was used in a fake interview with The Daily Mirror tabloid, in which he told how he made millions on bitcoins.
Today deepfake videos are still relatively easy to spot, but the technology is developing rapidly, and in a couple of years it may be almost impossible to tell the original from the fake without special tools, especially during a Skype call. A deepfake can discredit or deceive anyone. Imagine that the head of a small crypto company receives a call from a Justin Sun who is indistinguishable from the real one and offers a good deal.
One way to combat this is blockchain: data encryption will make it possible to verify the authenticity of a video. Blockchain integration into police surveillance cameras is already being studied by Axon, and Alethea AI has launched a decentralized network to track content generated by neural networks.
Protecting yourself from this kind of scam is easy. Do not share commercially sensitive or confidential information with online strangers who approach you with an offer that is too good to be true. If you receive a letter from some "company" with such a proposal, check whether the email was actually sent by it. If in doubt, simply write a new message to the address listed on the official website.
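The SPF/DKIM check Pierce ran and the advice above to confirm who really sent a message can be automated. This is an added example, not code from the article or from Pierce's blog; it assumes the receiving mail server stamps an Authentication-Results header (RFC 8601), and the message, host names and domains are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: mail that authenticates for a bulk host but claims a brand in From.
RAW = """\
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bounce@bulk-host.example;
 dkim=pass header.d=bulk-host.example
From: "Partnerships" <partners@brand.example>
To: founder@startup.example
Subject: Private partnership program

Let's schedule a call.
"""

def _aligned(domain, from_domain):
    # Relaxed alignment: the authenticated domain equals the From domain or is a subdomain.
    domain = domain.rstrip(".")
    return domain == from_domain or domain.endswith("." + from_domain)

def check_sender(raw, trusted_authserv):
    """Report whether SPF or DKIM passed for the domain shown in the From header."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdict = {"from_domain": from_domain, "spf_aligned": False, "dkim_aligned": False}
    for header in msg.get_all("Authentication-Results", []):
        value = " ".join(header.split()).lower()      # unfold the multi-line header
        authserv, _, results = value.partition(";")
        if authserv.strip() != trusted_authserv:
            continue  # ignore results not stamped by our own server (a sender can forge them)
        for method, result, _prop, ident in re.findall(
                r"\b(spf|dkim)=(\w+)[^;]*?\b(smtp\.mailfrom|header\.d)=([^\s;]+)", results):
            if result == "pass" and _aligned(ident.rpartition("@")[2], from_domain):
                verdict[method + "_aligned"] = True
    verdict["authentic"] = verdict["spf_aligned"] or verdict["dkim_aligned"]
    return verdict

if __name__ == "__main__":
    print(check_sender(RAW, "mx.recipient.example"))
```

A "pass" alone proves only that the sending host is authorized for its own domain; the check that matters is whether that domain matches the one in the From line.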
Fraudulent QR codes
Another new type of fraud is fake QR code generators. QR codes are meant to make it easier for users to send cryptocurrency: just scan the code and there is no need to worry about errors in the wallet address. Almost all exchangers and most wallets provide this service.
In reality, however, this is not always safer than entering the details manually. Malware can replace the address in the QR code with the attacker's wallet address, and the victim usually does not notice. Some scammers not only create a QR code but also replace the correct wallet address in the clipboard with their own. When the victim, having copied the QR code, checks it, the system reports that everything is correct.
In March, a unified network of malicious QR code generators stole about 7 BTC from users. MyCrypto security director Harry Denley exposed nine sites with fraudulent code generators that sent users' coins to five of the attacker's wallets. These sites were hosted on three separate servers, which contained 450 more suspicious resources with the keywords "COVID-19", "cryptocurrencies" and "Gmail". Among these sites are also several "bitcoin transaction accelerators" that claim to speed up BTC transfers for a fee of 0.001 BTC. More than 17.6 BTC has already been transferred to the wallets of these projects, which is more than $170,000 today.
This is not the first case of QR code fraud. In August 2019, the ZenGo wallet team identified a network of malicious generators that had sent transactions worth $20,000 to the cybercriminals' wallets. At the time, four of the first five Google search results for a code generator turned out to be fraudulent.
To avoid becoming a victim of this scam, generate the code with your own or a trusted service rather than the first ones that come up on Google. A QR code generated by an unknown service can be verified through the wallet to make sure it contains the same address as the original. If in doubt about the correctness of the code, send a small amount first to make sure the recipient is who you intend.
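The comparison described above can be scripted once the QR code has been decoded to text. This is an added example, not code from any wallet or from the article; it covers legacy Base58Check addresses only, and both addresses are constructed from fixed strings rather than taken from real wallets.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    data = payload + _checksum(payload)
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\0"))   # leading zero bytes become '1'
    return "1" * pad + out

def b58check_valid(addr):
    try:
        num = 0
        for ch in addr:
            num = num * 58 + B58.index(ch)
    except ValueError:                           # character outside the alphabet
        return False
    pad = len(addr) - len(addr.lstrip("1"))
    data = b"\0" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    return len(data) > 4 and _checksum(data[:-4]) == data[-4:]

def address_from_qr(payload):
    # A wallet QR code holds a bare address or a "bitcoin:<addr>?amount=..." URI.
    payload = payload.strip()
    if payload.lower().startswith("bitcoin:"):
        payload = payload.split(":", 1)[1].split("?", 1)[0]
    return payload

def verify_qr(payload, expected):
    """expected must be read from the wallet itself, never pasted from the clipboard."""
    addr = address_from_qr(payload)
    if not b58check_valid(addr):
        return "malformed"
    # A swapped-in address is still well formed, so the checksum alone proves nothing.
    return "match" if addr == expected else "substituted"

# Constructed P2PKH-style addresses (version byte 0x00 + 20-byte hash).
MINE = b58check_encode(b"\x00" + hashlib.sha256(b"my wallet").digest()[:20])
OTHER = b58check_encode(b"\x00" + hashlib.sha256(b"someone else").digest()[:20])

if __name__ == "__main__":
    print(verify_qr("bitcoin:" + OTHER + "?amount=0.01", MINE))
```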
Fake apps
In early March, hardware wallet maker Ledger warned users about a rogue Google Chrome extension that steals wallet recovery passphrases. By the way, the threat was first discovered by Harry Denley from MyCrypto.
An extension called Ledger Live disguised itself as the real application of the same name, which lets Ledger wallet users confirm transactions by syncing their hardware wallet with the device. The scammers asked the victims to synchronize the extension with the wallet by entering a seed phrase, after which they stole the coins. To make matters worse, the extension was advertised through Google Ads and used Google Docs to collect data.
A screenshot with an advertisement for a malicious Google application. Source.
Initially, the threat was not taken seriously enough, but by the end of March criminals had managed to steal over 1.4 million XRP coins, and there was no exact data on other assets.
This is not the only time crypto users have encountered a fake Chrome extension:
- Last May, a fake Google browser extension for Trezor wallets was discovered.
- In December last year, user data was stolen through an extension for the Ethereum wallet.
- In early January this year, scammers stole about $16,000 in Zcash through another malicious Ledger extension.
Criminals generally like to exploit vulnerabilities in hardware wallets. For example, in October last year a Reddit user posted a link to a Shopify website offering KeepKey hardware wallets for as little as $5; most likely these devices had already been tampered with.
Coronavirus panic scam
In March, research company AnChain collected information on how criminals, amid a shortage of protective equipment against the coronavirus, sell masks and antiseptics for digital assets but never send the goods to customers. Scammers have stolen at least $2 million in cryptocurrencies this way. Interpol also reported growth in crypto fraud built on the panic around COVID-19.
In March, DomainTools reported an increase in the number of domain names mentioning the coronavirus that were used to spread malware disguised as an infection map. The criminals claimed that their apps were approved by the WHO and other health organizations and would alert users if they came into contact with an infected person. For instance, the coronavirusapp website offered the CovidLock application, which locked the smartphone and demanded a ransom of $100 in BTC. Fortunately, such applications have not become widespread.
Screenshot of a malicious anti-coronavirus application. Source.
In March, authorities in the counties of Pembrokeshire, Manchester and Norfolk in the UK also warned their residents about an increase in crypto scams amid the pandemic. The criminals sent people messages in instant messengers or by email, claiming that they could provide a list of COVID-positive residents of their area in exchange for a "donation" in bitcoins. They backed up their claims with alleged recommendations from the WHO and the US Centers for Disease Control and Prevention (CDC).
Also in March, several regulators in the UK, US and Malta, including the UK Financial Conduct Authority (FCA) and the US Securities and Exchange Commission (SEC), alerted investors to a new round of coronavirus-related crypto scams. The agencies warned about criminals who could run scams involving insurance policies, pension savings and investments, with promises of increased returns.
The number of crypto scams is growing
The pandemic and the crisis are affecting criminals as well. On April 20, 2020, the FBI released an official statement about the growing number of cryptocurrency fraud cases. In March, the Financial Crimes Enforcement Network (FinCEN) also reported growth in financial fraud, including fraud against cryptocurrency market participants. Several groups of scams stand out among them.
Attempts at blackmail. Fraudsters send letters to victims and try to blackmail them, threatening to disclose some "dirty secrets" (which may not exist). The most popular threat is the publication of intimate photos and videos of the victim (sextortion). This is a popular scam, and spam filters have learned to recognize such emails. However, the attackers have come up with new tricks: they send letters in foreign languages and split wallet addresses into several parts. With the spread of COVID-19, another new tactic has emerged: a threat to infect the recipient with the coronavirus if they refuse to pay in cryptocurrency. By the way, requests to donate funds to fight the pandemic from fraudulent sites imitating the WHO and similar organizations have also increased.
Job offers from scammers. Fraudsters may ask you to help cash out the proceeds from a cryptocurrency sale for a percentage of the amount. This money is most likely stolen from other victims, and a user who agrees to these terms becomes an accomplice in the crime.
Investment scams. Criminals invite the victim to invest in a new cryptocurrency or ICO (yes, this is still relevant) that will supposedly make the investor rich. In reality, the scammers simply steal the money.
Therefore, we recommend that you follow simple but effective rules when transacting in cryptocurrencies and dealing with crypto market players you do not know:
- Check all the information provided to you against several sources.
- Don't trust deals that look too good to be true.
- Report scammers and use security software.
- Feel free to check with crypto experts.